Having some trouble with the authorization code flow. Hoping someone could shed some light.
For our use case we manage our own users, and our users can log into our site using our own in-house authentication. When a user logs in we are then trying to SSO the user into a second web site. The second site should be able to access protected services hosted on the first site.
The user would click a link on the first site which takes them to the other site, and that site would use the client ID that we give them to authorize against auth0 to get an access code. At that stage we don’t want to ask the user for any credentials (authN) cause they’ve already logged into the first site.
This is how we make the request to auth0 /authorize endpoint:
https://[name].auth0.com/authorize?response_type=code&client_id=OUR_CLIENT_IDf&launch=MySampleData&redirect_uri=OUR_REDIRECT_URI&state=STATE&scope=SCOPE&prompt=none
In the request above we set prompt=none for silent authorization. The issue is that the auth0 server does not return a code. It says “Failed Silent Auth” with an error message of “Login required”. It seems like auth0 requires authentication to an idp (authz). How does that work in our flow where the user has already logged into our site via our custom in-house login?
Thanks,
Seth
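
The request from this post and the two outcomes the second site has to tell apart, as an added example that is not part of the original post and is not Auth0's code. Under OpenID Connect, `prompt=none` tells the authorization server to show no UI and to answer with `error=login_required` when it has no session of its own for the user. The `TENANT` host, the callback URL and the function names are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder tenant host (assumption); the post elides the real name.
AUTHORIZE_ENDPOINT = "https://TENANT.auth0.com/authorize"


def build_silent_authorize_url(client_id, redirect_uri, scope):
    """Return (url, state) for an authorization code request with prompt=none."""
    # Unguessable value stored in the user's session on the second site.
    state = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "prompt": "none",  # silent: the server must not show a login page
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params), state


def handle_callback(callback_url, expected_state):
    """Classify the redirect that arrives at redirect_uri.

    Returns ("code", value), ("login_required", description) or
    ("error", code). Raises ValueError when state does not match.
    """
    query = parse_qs(urlsplit(callback_url).query)

    def first(key):
        return query.get(key, [""])[0]

    # Check state before trusting anything else in the response (CSRF defence).
    if not hmac.compare_digest(first("state").encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if first("error") == "login_required":
        # No session at the authorization server; silent auth cannot proceed.
        return "login_required", first("error_description")
    if first("error"):
        return "error", first("error")
    if first("code"):
        return "code", first("code")
    return "error", "missing_code"
```
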